Lucas123 writes: Security researcher Samy Kamkar posted a video today demonstrating a device he created that he calls OwnStar that can intercept communications between GM's RemoteLink mobile app and the OnStar cloud service in order to unlock and start an OnStar-equipped car. Kamkar said that after a user opens the OnStar Remote Link app on his or her mobile phone "near the OwnStar device," OwnStar intercepts the communication and sends "data packets to the mobile device to acquire additional credentials." The OwnStar device then notifies the attacker about the new vehicle that the hacker has access to for an indefinite period of time, including its location, make and model. And at that point, the hacker can use the Remote Link app to control the vehicle. Kamkar said GM is aware of the security hole and is working on a fix.

Applehu Akbar writes: A team of researchers at the Swedish University of Agricultural Sciences has engineered a barley gene into rice, producing a variety that yields 50% more grain while producing 90% less of the powerful greenhouse gas methane. The new rice pulls off this trick by putting more of its energy into top growth. In countries which depend on rice as a staple, this would add up to a really large amount of increased rice and foregone methane.

McGruber writes: Hillview, Kentucky resident William H. Merideth describes his Sunday afternoon: "Sunday afternoon, the kids – my girls – were out on the back deck, and the neighbors were out in their yard," Merideth said. "And they come in and said, 'Dad, there’s a drone out here, flying over everybody’s yard.'"

Merideth's neighbors saw it too. "It was just hovering above our house and it stayed for a few moments and then she finally waved and it took off," said neighbor Kim VanMeter. VanMeter has a 16-year-old daughter who lays out at their pool. She says a drone hovering with a camera is creepy and weird. "I just think you should have privacy in your own backyard," she said.

Merideth agrees and said he had to go see for himself. “Well, I came out and it was down by the neighbor’s house, about 10 feet off the ground, looking under their canopy that they’ve got under their back yard," Merideth said. "I went and got my shotgun and I said, ‘I’m not going to do anything unless it’s directly over my property.’"

That moment soon arrived, he said. "Within a minute or so, here it came," he said. "It was hovering over top of my property, and I shot it out of the sky. I didn't shoot across the road, I didn't shoot across my neighbor's fences, I shot directly into the air."

It wasn't long before the drone's owners appeared. "Four guys came over to confront me about it, and I happened to be armed, so that changed their minds," Merideth said. "They asked me, 'Are you the S-O-B that shot my drone?' and I said, 'Yes I am,'" he said. "I had my 40mm Glock on me and they started toward me and I told them, 'If you cross my sidewalk, there's gonna be another shooting.'"

A short time later, Merideth said the police arrived. "There were some words exchanged there about my weapon, and I was open carry – it was completely legal," he said. "Long story short, after that, they took me to jail for wanton endangerment first degree and criminal mischief...because I fired the shotgun into the air."

Mark Wilson writes: Facebook comes in for a lot of criticism, but one thing that managed to rub a lot of people up the wrong way is its real names policy. For some time the social network has required its users to reveal their real name rather than allowing for the adoption of pseudonyms. This has upset many, including musicians and the drag community.

Now a German watchdog has told Facebook that its ban on fake names is not permitted. The Hamburg Data Protection Authority said that the social network could not force users to replace pseudonyms with real names, nor could it ask to see official identification.

The watchdog's order follows a complaint from a German woman who had her Facebook account closed because she used a fake name. She had opted to use a pseudonym to avoid unwanted contact from business associates, but Facebook demanded to see ID and changed her username accordingly. Hamburg Data Protection Authority said this and similar cases were privacy violations.

codguy writes: After a previous failed attempt (http://yro.slashdot.org/story/13/11/26/1927254/jury-finds-newegg-infringed-patent-owes-23-million) to fight patent troll TQP Development in late 2013, Newegg has now beaten this troll in a rematch (http://blog.newegg.com/newegg-vs-patent-trolls-when-we-win-you-win/). From the article:

"Newegg went against a company that claimed its patent covered SSL and RC4 encryption, a common encryption system used by many retailers and websites. This particular patent troll has gone against over 100 other companies, and brought in $45 million in settlements before going after Newegg."

This follows on Intuit's recent success in defending itself against this claim (http://yro.slashdot.org/story/14/06/26/1353216/intuit-beats-ssl-patent-troll-that-defeated-newegg).

I'm just trying to think how that would have been possible. I think back then there was a medical exception you could plead for. I didn't. I passed the 20 WPM test fair and square and got K6BP as a vanity call, long before there was any way to get that call without passing a 20 WPM test.

Unfortunately, ARRL did fight to keep those code speeds in place, and to keep code requirements, for the last several decades that I know of and probably continuously since 1936. Of course there was all of the regulation around incentive licensing, where code speeds were given a primary role. Just a few years ago, they sent Rod Stafford to the final IARU meeting on the code issue with one mission: preventing an international vote for removal of S25.5. They lost.

I am not blaming this on ARRL staff and officers. Many of them have privately told me of their support, including some directors and their First VP, now SK. It's the membership that has been the problem.

I am having a lot of trouble believing the government agency and NGO thing, as well. I talked with some corporate emergency managers as part of my opposition to the encryption proceeding (we won that too, by the way, and I dragged an unwilling ARRL, who had said they would not comment, into the fight). Big hospitals, etc.

What I got from the corporate folks was that their management was resistant to using Radio Amateurs regardless of what the law was. Not that they were chomping at the bit waiting to be able to carry HIPAA-protected emergency information via encrypted Amateur radio. Indeed, if you read the encryption proceeding, public agencies and corporations hardly commented at all. That point was made very clearly in FCC's statement - the agencies that were theorized by Amateurs to want encryption didn't show any interest in the proceeding.

So, I am having trouble believing that the federal agency and NGO thing is real because of that.

The Technician Element 3 test wasn't more difficult than the Novice Element 1 and 2 together, so Technician became the lowest license class when they stopped having to take Element 1.

The change to 13 WPM was in 1936, and was specifically to reduce the number of Amateur applicants. It was 10 WPM before that. ARRL asked for 12.5 WPM in their filing, FCC rounded the number because they felt it would be difficult to set 12.5 on the Instructograph and other equipment available for code practice at the time.

It was meant to keep otherwise-worthy hams out of the hobby. And then we let that requirement keep going for 60 years.

The Indianapolis cop episode was back in 2009. It wasn't the first time we've had intruders, and won't be the last, and if you have to reach back that long for an example, the situation can't be that bad. It had nothing to do with code rules or NGOs getting their operators licenses.

A satphone is less expensive than a trained HF operator. Iridium costs $30 per month and $0.89 per minute to call another Iridium phone. That's the over-the-counter rate. Government agencies get a better rate than that. And the phone costs $1100, again that's retail not the government rate, less than an HF rig with antenna and tower will cost any public agency to install.

You think it's a big deal to lobby against paid operators because there will be objections? How difficult do you think it was to reform the code regulations? Don't you think there were lots of opposing comments?

And you don't care about young people getting into Amateur Radio. That's non-survival thinking.

Fortunately, when the real hams go to get something done, folks like you aren't hard to fight, because you don't really do much other than whine and send in the occasional FCC comment. Do you know I even spoke in Iceland when I was lobbying against the code rules? Their IARU vote had the same power as that of the U.S., and half of the hams in the country came to see me. That's how you make real change.

OpenSSL has first-to-market advantage, and anyone who hasn't evaluated the quality differences will choose the simpler license. Plus there are other alternatives, like Amazon's new SSL-in-5000-lines which is also gift-licensed.

The time for OpenSSL to dual-license was when it was the only available alternative to entirely proprietary implementations. That might indeed have funded a quality improvement.

I don't know a thing about the quality of GnuTLS or the Amazon thing. I've seen enough of the insides of OpenSSL to know it's not pretty, but am not a crypto guy and thus don't work on it.

Maintaining FIPS compliance did not make anything easier. It's essentially a prohibition on bug repair, as you have to recertify afterward. But the people who wanted FIPS were the only ones who were actually paying for someone to work on OpenSSL.

I don't think any of the other Free Software projects ever tried to be FIPS certified.

If you are one of the infringed parties, I'd be happy to talk with you about what your options are. bruce at perens dot com or +1 510-4PERENS (I'm not there today, but it will take a message). I am not a lawyer but I work with the good ones and can bring them into the conversation if necessary.

As a community we've managed to almost completely ignore that because of their use of dual-licensing, MySQL made 1.1 Billion dollars after 9 years in business, and that for a database that was written by one person, and the code base remained available under the GPL.

IMO, 1.1 Billion dollars is pretty damn impressive. Especially if you get paid that to make Free Software. Heck, sign me up!

Oracle was a bad actor, and Monty is now leading further development of that same code base under the GPL. But it did not have to be that way.

Referred to in the programming profession as The Coding God.
Men fear me, women lust for me, children beg me for my autograph. My brain is so big it can actually be seen pulsing through the sutures in my skull. I can cook popcorn by placing it on my head and solving differential equations. Or thinking about Cindy Crawford. God calls *me* when He has a question. Geez, I'm good...